<?php
mysql_connect('localhost', 'root', '');
mysql_select_db('administrasi');
?>
<form action="" method="post">
    <input type="password" name="plama" placeholder="Password Lama" required> <br>
    <input type="password" name="pbaru" placeholder="Password Baru" required>
    <input type="submit" value="Simpan Perubahan" name="simpan">
</form>
<?php
if (isset($_POST['simpan'])) {
    $admin = $_SESSION['namauser'];
    $password = $_SESSION['passuser'];
    $plama = md5($_POST['plama']);
    $pbaru = md5($_POST['pbaru']);
    if ($plama == $password) {
        $ubah = mysql_query("UPDATE users SET `password`='$pbaru' WHERE `user_id`='$admin'");
        if ($ubah) {
            echo "<script>alert('Password berhasil dirubah')</script>";
        } else {
            echo "<script>alert('Password gagal dirubah')</script>";
        }
    }
}
?>